Hello,
I am running CAS Overlay 4.1.9. Instead of configuring the CAS authentication modules (JDBC/LDAP), I extended AbstractUsernamePasswordAuthenticationHandler, wrote my own class, and implemented authentication by looking up both the database and LDAP for my business needs. I have attached some code below.
It works fine on a single CAS server. The problem is when I am running two CAS servers with memcached storing the tickets. Authentication still works fine; the problem is with the /serviceValidate call when looking up the ST.
If server 1 authenticates the user, generating the TGT and ST, but server 2 is the one handling the /serviceValidate call (validating the ST), I always get "Failed Fetching (Exception waiting for value)" from the memcached client. But if the same server, server 1, handles /serviceValidate, then that works.
If I replace my MyCASAuthenticationHandler with org.jasig.cas.authentication.AcceptUsersAuthenticationHandler, which has the default "casuser/Mellon" credential, then the above works fine regardless of which server handles the /serviceValidate call.
This is very odd, as I cannot see how authentication can affect the /serviceValidate call, but it does, and I can consistently reproduce it.
What am I missing?
Our authentication needs to look up the database first, get some value, and with that look up LDAP; no existing authentication module works that way. It seems reasonable to write my own authentication handler, and it is very easy to do. But apparently that somehow breaks the /serviceValidate call when the call is handled by the server that did not perform the authentication.
Is there some kind of server-side session variable and/or value that /serviceValidate will look up?
Thanks,
Yan
In deployerConfigContext.xml:

    <bean id="questCasAuthenticationHandler"
          class="org.jasig.cas.authentication.handler.support.MyCASAuthenticationHandler"
          p:loginUserRepository-ref="loginUserRepository"
          p:ldapTemplate-ref="ldapTemplate" />

dataSource, userRepository and ldapTemplate are defined.
    import java.security.GeneralSecurityException;
    import org.jasig.cas.authentication.*;
    import org.springframework.ldap.core.LdapTemplate;

    public class MyCASAuthenticationHandler extends AbstractUsernamePasswordAuthenticationHandler {
        private LoginUserRepository loginUserRepository;
        private LdapTemplate ldapTemplate;

        // Setters so the p:loginUserRepository-ref / p:ldapTemplate-ref properties in the bean definition can be injected.
        public void setLoginUserRepository(final LoginUserRepository loginUserRepository) { this.loginUserRepository = loginUserRepository; }
        public void setLdapTemplate(final LdapTemplate ldapTemplate) { this.ldapTemplate = ldapTemplate; }

        @Override
        protected HandlerResult authenticateUsernamePasswordInternal(final UsernamePasswordCredential credential)
                throws GeneralSecurityException, PreventedException {
            // Look up the database and LDAP to authenticate the user, update the database for auditing,
            // and return below if authentication is successful.
            return createHandlerResult(credential, principalFactory.createPrincipal(credential.getUsername()), null);
        }
    }
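Added diagnostic, not part of the original post and not CAS project code: whatever a handler puts into its HandlerResult (handler name, credential metadata, principal and any attributes) is stored inside the Authentication carried by the TGT, and the ST that /serviceValidate resolves points back at that TGT. With a shared ticket registry such as memcached, the node that did not perform the login has to deserialize all of that, so a quick check is to build the result exactly the way the posted handler does and push it through a serialize/deserialize round trip. This uses plain Java serialization as a stand-in; the memcached integration uses its own transcoder (Kryo in CAS 4.x), so passing here is necessary but not sufficient. The CAS class and constructor names (HandlerResult, BasicCredentialMetaData, DefaultPrincipalFactory, the AuthenticationHandler interface) are assumed to match the 4.1 API; the username and password are constructed sample input.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.security.GeneralSecurityException;

import org.jasig.cas.authentication.AuthenticationHandler;
import org.jasig.cas.authentication.BasicCredentialMetaData;
import org.jasig.cas.authentication.Credential;
import org.jasig.cas.authentication.HandlerResult;
import org.jasig.cas.authentication.PreventedException;
import org.jasig.cas.authentication.UsernamePasswordCredential;
import org.jasig.cas.authentication.principal.DefaultPrincipalFactory;
import org.jasig.cas.authentication.principal.Principal;

/**
 * Added example (not the poster's code): build a HandlerResult the way the posted
 * handler does and check it survives a (de)serialization round trip, which is what
 * the second CAS node has to do when it reads the ticket from the shared registry.
 */
public class HandlerResultRoundTrip {

    /** Stand-in for the custom handler; HandlerResult only records its name. Assumed 4.1 interface. */
    private static final AuthenticationHandler HANDLER = new AuthenticationHandler() {
        @Override
        public HandlerResult authenticate(final Credential c) throws GeneralSecurityException, PreventedException {
            throw new UnsupportedOperationException("not exercised by this check");
        }
        @Override
        public boolean supports(final Credential c) { return c instanceof UsernamePasswordCredential; }
        @Override
        public String getName() { return "MyCASAuthenticationHandler"; }
    };

    /** Mirrors the return statement of the posted handler: principal id only, no attributes, no warnings. */
    static HandlerResult buildResult(final String username) {
        final UsernamePasswordCredential credential = new UsernamePasswordCredential();
        credential.setUsername(username);
        credential.setPassword("constructed-sample-password"); // constructed sample input, never a real secret
        final Principal principal = new DefaultPrincipalFactory().createPrincipal(credential.getUsername());
        return new HandlerResult(HANDLER, new BasicCredentialMetaData(credential), principal);
    }

    /** Serialize to bytes and read back, as if fetched by the node that did not do the login. */
    static HandlerResult roundTrip(final HandlerResult in) throws Exception {
        final ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bytes)) {
            out.writeObject(in);
        }
        try (ObjectInputStream oin = new ObjectInputStream(new ByteArrayInputStream(bytes.toByteArray()))) {
            return (HandlerResult) oin.readObject();
        }
    }

    public static void main(final String[] args) throws Exception {
        final HandlerResult before = buildResult("yan"); // constructed sample username
        final HandlerResult after = roundTrip(before);
        // Anything the handler attached that is not Serializable throws inside roundTrip();
        // here we also confirm the fields the ticket validator relies on came back intact.
        if (!before.getHandlerName().equals(after.getHandlerName())
                || !before.getPrincipal().getId().equals(after.getPrincipal().getId())) {
            throw new IllegalStateException("HandlerResult changed across the round trip");
        }
        System.out.println("round trip OK: handler=" + after.getHandlerName()
                + " principal=" + after.getPrincipal().getId());
    }
}
```

Run it with the CAS 4.1 core jar on the classpath. If you later add principal attributes (for example values pulled from the database or LDAP lookups), put those objects through the same round trip: a non-Serializable attribute value, or a class the registry's transcoder cannot reconstruct on the other node, is exactly the kind of thing that works on the node that created the ticket and fails on the one that only validates it.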